
Re: Byte-count lifetime enforcement?



Dan,

Good point.  Sorry the arch doc was not clear enough on this point.  For
both AH and ESP, my intent was to count IP payload, prior to adding the ESP
header and trailer.  (This makes it easy to use the IP total length value
that is already available to the implementation.) The text suggests more of
an algorithm input approach; I don't recall who provided that clarifying
text, but I apologize for not having examined it more closely.  I don't
like the algorithm input approach as it seems ambiguous when we apply two
algorithms, i.e., for encryption and authentication, since they cover
different sets of bytes!

Steve



